Wednesday, October 17, 2007

Managed Security Service Provider Survey

Many companies, large and small, are now considering or have already outsourced certain network security tasks to third-party providers. Today, there are hundreds of Managed Security Service Providers (MSSPs), with offerings that range from managed firewall and virtual private network (VPN) services, to managed intrusion detection (IDS) and anti-spam/virus e-mail filtering. According to Gartner, the North American MSSP market continued to expand during the past year, with revenue increasing 19 percent during 2H03 alone.

Why do businesses outsource these sensitive services? To cut cost. MSSPs can offload many labor-intensive tasks associated with establishing a solid network defense, including security hardware/software installation, provisioning, maintenance, and 24x7 event monitoring. They can hire and train experts to staff a security operations center (SOC), investing in remote administration and surveillance platforms, creating a common infrastructure from which to satisfy the security needs of many customers.

In return, customers can reduce capital equipment investments, in-house security staff, and better budget and account for the cost of security by paying a fixed monthly tab.

Of course, no company should abdicate control over the security of their business network. Although your company may delegate certain security implementation and monitoring tasks to an MSSP, you will retain responsibility for determining security policies and dictating incident responses. Purchasing a managed security service means entering into a close and trusted partnership with your chosen provider. It's vital to consider not only the cost, breadth, and depth of services offered, but also each MSSP's history, reputation, business practices, service commitments, and "house style" of interacting with customers.

Before you conduct this type of qualitative assessment, you'll need to identify one or more MSSP candidates who are capable of delivering the security services that your company needs, in the countries where your business operates. To that end, ISP-Planet has been conducting semi-annual MSSP surveys since 1999. What follows here is our fourth MSSP survey, conducted in December 2004.

Participating providers
Our survey attempts to provide an apples-to-apples comparison between common security services offered by a modest but representative MSSP sample set, ranging from national to global, from network generalist to security specialist. By presenting example services in this fashion, we hope to help readers better understand the kinds of security services that are commercially available and some common attributes that should be considered when shopping for such services.

The following table identifies the MSSPs participating in this year's survey, and the surveyed services that are now offered by each provider. In addition, many participants offer managed security services beyond the scope of our survey, such as managed authentication, PKI, vulnerability scanning, and security monitoring for other networked devices. Several also offer related professional services, like security consultation, education, risk assessment, auditing, and emergency response. Consult MSSP websites for services beyond those addressed by our survey.



http://www.isp-planet.com/technology/2004/mssp1.html